Filtering MAC Addresses For DHCP

ShakedG

Reputable
Dec 2, 2014
639
0
5,360
Hi,
I have a D-Link router+modem and a defined (DHCP disabled) access point, defined with the same SSID. I was looking into filtering MAC addresses on my home network to prevent unwanted devices from joining it. So I went into the main router's settings, and set a list of allowed MAC addresses. The problem is that it only filters who can join the network through this specific router, and it does not filter the DHCP. The end result is that a device that is not defined on the MAC allow list cannot join the network through the main router, but can join the network through the access point, and connect to the internet using it.
Is there a way to either define the filter rules on the access point (whose setting page I cannot access), or preferably to filter the MAC addresses that get an IP from the DHCP server?
 

ShakedG



Thank you for the response. I understand that MAC filtering is not the optimal option, but it is the most comfortable for the end user, and I would prefer to have it. I also was experiencing problems with IP conflicts, and so I had to set a static IP to each device. I would like to use MAC filtering, to assure that I personally manually assign the IP addresses, and that no unwanted devices connect to the network.
 

McHenryB

Admirable
By "the most comfortable for the end user" it almost sounds as if you intend to use no encryption at all. I'm sure I don't need to tell you how big a mistake that would be, exposing your network to anyone. As I say, MAC filtering is easily bypassed, and you don't need to get an IP address to hack a network - just use a fixed address; there are only so many network ranges that you can use for your network so a simple brute-force attack would crack it in seconds.

Using encryption is not uncomfortable for the end users. You obviously know which machines you want to connect to your network (or else MAC filtering wouldn't be an option); just configure each one the once with the correct details and it's all automatic from then on.

IP conflicts are another matter (and are far more likely to happen with static addresses); the most likely cause is running more than one DHCP server.
 

ShakedG



You're right, when it comes to security MAC filtering is pretty obsolete. However, I would like every request to connect to the network to go through me, so that I can then set an IP specifically for the device. I assure you I have only 1 DHCP server active; the issue is that some devices lose connection and then try to renew the lease with the same IP even though it is already taken.
In short, it is not a matter of whether I should do it, but rather how. Still, I am grateful for your advice and cooperation.
 
You could in effect disable the DHCP server. You could put static IP-to-MAC entries in the DHCP server so it always gives the same IP to the same MAC address. But there is really nothing stopping someone from changing their MAC, and your DHCP server would give them an IP. Of course they can always just assign a static IP on their PC, ignoring your DHCP server.

On a consumer router you are extremely limited in your ability to do any form of traffic limitation on the Ethernet ports. It is assumed you have control of the devices plugged into the router, which does not seem to be the case here.

You really need a true firewall to gain control, and even then you will have to find something other than MAC address to filter on. It used to be hard to change the MAC on a wireless card; nowadays there are drivers that are as simple as Ethernet: you go into the settings page and key in whatever you like.
 
Solution
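
An added example, not written by any poster in this thread: because static IP-to-MAC entries cannot stop a device from using an unlisted MAC or assigning itself an address, this Python code audits neighbor-table output against the reservation list and reports unknown MACs, allowed MACs on the wrong IP, and a second MAC claiming a reserved IP. The reservation table, the sample `ip neigh show` lines and all function names are constructed for illustration.

```python
import re

# Constructed reservation table: MAC -> the IP the DHCP server always hands it.
RESERVATIONS = {
    "aa:bb:cc:00:00:01": "192.168.0.10",
    "aa:bb:cc:00:00:02": "192.168.0.11",
}

# Constructed sample in the format printed by Linux `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.0.10 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.0.11 dev eth0 lladdr AA:BB:CC:00:00:02 STALE
192.168.0.50 dev eth0 lladdr de:ad:be:ef:00:99 REACHABLE
192.168.0.77 dev eth0 lladdr aa:bb:cc:00:00:02 REACHABLE
192.168.0.10 dev eth0 lladdr de:ad:be:ef:00:42 STALE
192.168.0.12 dev eth0  FAILED
"""

LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9A-Fa-f:]{17}) (\S+)")

def parse_neigh(text):
    """Return (ip, mac) pairs for entries with a resolved link-layer address."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(3) not in ("FAILED", "INCOMPLETE"):
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def audit(pairs, reservations):
    """Classify each observed (ip, mac) pair against the reservation table."""
    findings = []
    reserved_ips = set(reservations.values())
    for ip, mac in pairs:
        if mac not in reservations:
            # Unlisted device; worse if it sits on an address reserved for another.
            kind = "ip-conflict" if ip in reserved_ips else "unknown-mac"
            findings.append((kind, ip, mac))
        elif reservations[mac] != ip:
            # Allowed MAC, but not on the address DHCP would have given it.
            findings.append(("known-mac-wrong-ip", ip, mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(parse_neigh(SAMPLE_NEIGH), RESERVATIONS):
        print(f"{kind:20} {ip:15} {mac}")
```

A device that clones an allowed MAC together with its reserved IP passes this audit, which is the limitation the answer above describes.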